Lucene search

[email protected]CVE-2009-4655

HistoryFeb 26, 2010 - 6:30 p.m.

CVE-2009-4655

2010-02-2618:30:00

CWE-310

[email protected]

web.nvd.nist.gov

novell

edirectory

8.8.5

dhost

web service

session hijack

predictable cookie

cve-2009-4655

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.8 Medium

AI Score

Confidence

Low

0.067 Low

EPSS

Percentile

93.9%

JSON

The dhost web service in Novell eDirectory 8.8.5 uses a predictable session cookie, which makes it easier for remote attackers to hijack sessions via a modified cookie.

Affected configurations

NVD

Node

novelledirectoryMatch8.8.5

CPENameOperatorVersion
novell:edirectorynovell edirectoryeq8.8.5

CPE	Name	Operator	Version
novell:edirectory	novell edirectory	eq	8.8.5

References

osvdb.org/60035

www.metasploit.com/modules/auxiliary/admin/edirectory/edirectory_dhost_cookie

www.metasploit.com/redmine/projects/framework/repository/entry/modules/auxiliary/admin/edirectory/edirectory_dhost_cookie.rb

exchange.xforce.ibmcloud.com/vulnerabilities/56613

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.8 Medium

AI Score

Confidence

Low

0.067 Low

EPSS

Percentile

93.9%

JSON

Related for CVE-2009-4655

prion1 openvas1 cvelist1 nessus1 nvd1